将 keeplived 进程用户从 root 改为 keepalived （或其他）

我想知道如何将进程名称 root 更改为另一个？

使用以下命令时：

ps aux | grep keepalived

root     26982  0.0  0.0  19344  1560 ?        Ss   11:52   0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D
root     26983  0.0  0.1  19344  2404 ?        S    11:52   0:02 /usr/local/keepalived-2.0.16/sbin/keepalived -D
root     30816  0.0  0.0   9288  1628 pts/1    S+   13:49   0:00 grep --color=auto keepalived

keepalived 按预期工作，处理虚拟 IP 和故障转移。

但我想将 root 更改为用户名：keepalived

我的环境：

• Linux 发行版：SUSE SLES 12 SP4
• Linux内核：4.12.14-95.13
• Unix 守护进程：systemd
• keepalived 版本：
  • 1.4.5（使用 zypper 从https://software.opensuse.org/package/keepalived）
  • 另外，尝试从源代码进行安装
  • 按照安装步骤https://www.keepalived.org/doc/installing_keepalived.html#build-and-install
  • 1.4.5（来自https://www.keepalived.org/download.html）
  • 2.0.16（来自https://www.keepalived.org/download.html）

（由于https://www.keepalived.org/index.html说：”git master 分支中存在的 Keepalived 代码必须被视为稳定且面向未来的。“，

和https://www.keepalived.org/manpage.html只显示一个版本(是2.0.16吗?)文档,我选择2.0.16进行讨论)

（以下信息是2.0.16版本，以root身份运行命令，但我在1.4.5中也看到类似的错误）

我如何安装keepalived：

wget http://keepalived.org/software/keepalived-2.0.16.tar.gz
tar -xvf keepalived-2.0.16.tar.gz
cd keepalived-2.0.16/
zypper in gcc
zypper in openssl-devel
./configure --prefix=/usr/local/keepalived-2.0.16
make
sudo make install

设置 keepalived.conf

vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
    script_user keepalived
    enable_script_security
}
# Script used to check if nginx is running
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight 2
}
# Virtual interface
# The priority specifies the order in which the assigned interface to take over in a failover
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pass
    }
    # The virtual ip address shared between the two loadbalancers
    virtual_ipaddress { # Block limited to 20 IP addresses
        192.168.2.179
    }
    track_script {
        check_nginx
    }
}

我已经尝试过：

1. cp /usr/lib/systemd/system/keeplaived.service 到 /etc/systemd/system/keepalived.service 并添加用户标签

User=keepalived
Group=users

但是 keepalived 不再工作，keepalived 停止了。

2. 更改 /etc/systemd/system/keepalived.service 中的目录和权限

#PIDFile=/var/run/keepalived.pid
ExecStart=/usr/local/keepalived-2.0.16/sbin/keepalived $KEEPALIVED_OPTIONS -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid

useradd -M -s /bin/nologin -d /opt/keepalived keepalived

chown -R keepalived:users /etc/keepalived/

这时候keepalived开始工作

keepali+ 26289  0.0  0.0  19344  1628 ?        Ss   11:34   0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid
keepali+ 26290  0.0  0.1  19344  2456 ?        S    11:34   0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid
root     26323  0.0  0.0   9288  1628 pts/1    S+   11:35   0:00 grep --color=auto keepalived

但是在 systemctl status keepalived 和 journalctl -xe 中出现以下错误

-- Unit keepalived.service has begun starting up.
Keepalived[10409]: Starting Keepalived v2.0.16 (05/03,2019), git commit v2.0.15-96-g4d492740+
Keepalived[10409]: Running on Linux 4.12.14-95.13-default #1 SMP Fri Mar 22 06:04:58 UTC 2019 (c01bf34) (bu
Keepalived[10409]: Command line: '/usr/local/keepalived-2.0.16/sbin/keepalived' '-D' '-p'
Keepalived[10409]:               '/etc/keepalived/keepalived.pid' '-r' '/etc/keepalived/vrrp.pid' '-c'
Keepalived[10409]:               '/etc/keepalived/keepalived_checkers.pid'
Keepalived[10409]: Opening file '/etc/keepalived/keepalived.conf'.
Keepalived[10409]: Failed to bind to process monitoring socket - errno 1 - Operation not permitted
systemd[1]: Started LVS and VRRP High Availability Monitor.
-- Subject: Unit keepalived.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit keepalived.service has finished starting up.
-- 
-- The start-up result is done.
Keepalived[10409]: Remove a zombie pid file /etc/keepalived/keepalived.pid
Keepalived[10409]: Remove a zombie pid file /etc/keepalived/vrrp.pid
Keepalived[10412]: Starting VRRP child process, pid=10413
Keepalived_vrrp[10413]: Registering Kernel netlink reflector
Keepalived_vrrp[10413]: Registering Kernel netlink command channel
Keepalived_vrrp[10413]: Opening file '/etc/keepalived/keepalived.conf'.
Keepalived_vrrp[10413]: Assigned address 192.168.2.178 for interface eth0
Keepalived_vrrp[10413]: Assigned address fe80::a00:27ff:feef:6ebe for interface eth0
Keepalived_vrrp[10413]: Error 1 while registering gratuitous ARP shared channel
Keepalived_vrrp[10413]: (VI_1) removing VIPs.
Keepalived_vrrp[10413]: Netlink: error: Operation not permitted, type=RTM_DELADDR(21), seq=1557728895, pid=
Keepalived_vrrp[10413]: cant open raw socket. errno=1
Keepalived_vrrp[10413]: (VI_1) Entering BACKUP STATE (init)
Keepalived_vrrp[10413]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(-1,-1)]
Keepalived_vrrp[10414]: Couldn't setgroups: 100 (Operation not permitted)
Keepalived_vrrp[10413]: VRRP_Script(check_nginx) succeeded
Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 150 to 152
Keepalived_vrrp[10415]: Couldn't setgroups: 100 (Operation not permitted)

（在我的例子中，我使用 keepalived 来故障转移 nginx ）另外，我想问

• 有没有关于 keepalived 的论坛或问答？

• 安装 keepalived 的更好方法？

  • 来自 zypper（包管理器）的 keepalived 1.4.5（目前）？
  • keepalived 最新 2.0.16（目前）来自源代码？

• 我所做的事情或者我的想法是否是错误的或者奇怪的？